Deleting IAM policies
You can delete IAM policies using the Amazon Web Services Management Console, the Amazon Command Line Interface (Amazon CLI), or the IAM API.
Deletion of IAM policies is permanent. After the policy is deleted it cannot be recovered.
For more information about the difference between managed and inline policies, see Managed policies and inline policies.
For general information about IAM policies, see Policies and permissions in IAM.
The number and size of IAM resources in an Amazon account are limited. For more information, see IAM and Amazon STS quotas, name requirements, and character limits.
View policy access
Before you delete a policy, you should review its recent service-level activity. This is important because you don't want to remove access from a principal (person or application) who is using it. For more information about viewing last accessed information, see Refining permissions in Amazon using last accessed information.
Deleting IAM policies (console)
You can delete a customer managed policy to remove it from your Amazon Web Services account. You cannot delete Amazon managed policies.
To delete a customer managed policy (console)
- Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.
- In the navigation pane, choose Policies.
- Select the check box next to the customer managed policy to delete. You can use the search box to filter the list of policies.
- Choose Actions, and then choose Delete.
- Confirm that you want to delete the policy, and then choose Delete.
To delete an inline policy for a user group, user, or role (console)
- In the navigation pane, choose User groups, Users, or Roles.
- Choose the name of the user group, user, or role with the policy that you want to delete. Then choose the Permissions tab. If you chose Users or Roles, expand the policy.
- To delete an inline policy in User groups, choose Delete. To delete an inline policy in Users or Roles, choose X.
- If you are deleting a single inline policy in User groups, type the name of the policy and choose Delete. If you are deleting multiple inline policies in User groups, type the number of policies you are deleting followed by "inline policies" and choose Delete. For example, if you are deleting three inline policies, type "3 inline policies".
Deleting IAM policies (Amazon CLI)
You can delete a customer managed policy from the Amazon Command Line Interface.
To delete a customer managed policy (Amazon CLI)
- (Optional) To view information about a policy, run the following commands:
  - To list managed policies: list-policies
  - To retrieve detailed information about a managed policy: get-policy
- (Optional) To find out about the relationships between the policies and identities, run the following commands:
  - To list the identities (users, user groups, and roles) to which a managed policy is attached, run the following command:
  - To list the managed policies attached to an identity (a user, user group, or role), run one of the following commands:
- To delete a customer managed policy, run the following command:
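Because deletion is permanent, the optional checks above are worth scripting together with the delete itself; the following shell function is an added example, not part of the original documentation, that saves the default policy version, refuses to delete while any identity is attached, removes non-default versions, and then deletes the policy. It assumes the Amazon CLI is installed as aws with the needed IAM permissions; the function name safe_delete_policy and the backup-directory argument are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original documentation.
# Usage: safe_delete_policy <policy-arn> <existing-backup-dir>
# Assumption: only the default version's document is worth keeping.
safe_delete_policy() {
    arn=$1
    backup_dir=$2
    if [ -z "$arn" ] || [ ! -d "$backup_dir" ]; then
        echo "usage: safe_delete_policy <policy-arn> <existing-backup-dir>" >&2
        return 64
    fi

    # 1. Save the default version of the policy document before anything else.
    ver=$(aws iam get-policy --policy-arn "$arn" \
        --query 'Policy.DefaultVersionId' --output text) || return 1
    backup="$backup_dir/$(basename "$arn").$ver.json"
    aws iam get-policy-version --policy-arn "$arn" --version-id "$ver" \
        --query 'PolicyVersion.Document' --output json > "$backup" || return 1

    # 2. Refuse to continue while any user, user group, or role is attached.
    attached=$(aws iam list-entities-for-policy --policy-arn "$arn" \
        --query '[PolicyUsers[].UserName, PolicyGroups[].GroupName, PolicyRoles[].RoleName][]' \
        --output text) || return 1
    if [ -n "$attached" ] && [ "$attached" != "None" ]; then
        echo "refusing to delete $arn; still attached to: $attached" >&2
        return 2
    fi

    # 3. Non-default versions must be removed before the policy itself.
    old=$(aws iam list-policy-versions --policy-arn "$arn" \
        --query 'Versions[?IsDefaultVersion==`false`].VersionId' \
        --output text) || return 1
    for v in $old; do
        [ "$v" = "None" ] && continue
        aws iam delete-policy-version --policy-arn "$arn" --version-id "$v" || return 1
    done

    # 4. Permanent: afterwards the backup file is the only remaining copy.
    aws iam delete-policy --policy-arn "$arn" || return 1
    echo "$backup"
}
```

The function prints the path of the backup file on success and returns 2 without deleting anything when the policy is still attached.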
To delete an inline policy (Amazon CLI)
- (Optional) To list all inline policies that are attached to an identity (user, user group, role), use one of the following commands:
- (Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), use one of the following commands:
- To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), use one of the following commands:
Deleting IAM policies (Amazon API)
You can delete a customer managed policy using the Amazon API.
To delete a customer managed policy (Amazon API)
- (Optional) To view information about a policy, call the following operations:
  - To list managed policies: ListPolicies
  - To retrieve detailed information about a managed policy: GetPolicy
- (Optional) To find out about the relationships between the policies and identities, call the following operations:
  - To list the identities (users, user groups, and roles) to which a managed policy is attached, call the following operation:
  - To list the managed policies attached to an identity (a user, user group, or role), call one of the following operations:
- To delete a customer managed policy, call the following operation:
To delete an inline policy (Amazon API)
- (Optional) To list all inline policies that are attached to an identity (user, user group, role), call one of the following operations:
- (Optional) To retrieve an inline policy document that is embedded in an identity (user, user group, or role), call one of the following operations:
- To delete an inline policy from an identity (user, user group, or role that is not a service-linked role), call one of the following operations: